Description:
Summary: The remote host is missing an update for the 'ImageMagick' package(s) announced via the SUSE-SU-2012:0763-1 advisory.
Vulnerability Insight: This update of ImageMagick fixes multiple security vulnerabilities that could be exploited by attackers via specially crafted image files:
* CVE-2012-0259 / CVE-2012-1610: Integer overflow when processing EXIF directory entries with tags of e.g. format 5 (EXIF_FMT_URATIONAL) and a large components count.
* CVE-2012-0247 / CVE-2012-1185: Integer overflows via 'number_bytes' and 'offset' could lead to memory corruption.
* CVE-2012-0248 / CVE-2012-1186: Denial of service via 'profile.c'.
* CVE-2012-0260: Denial of service via JPEG restart markers (excessive CPU consumption).
* CVE-2012-1798: Copying of invalid memory when reading TIFF EXIF IFD.
Security Issue references:
* CVE-2012-0247
* CVE-2012-0248
* CVE-2012-1185
* CVE-2012-1186
* CVE-2012-0259
* CVE-2012-0260
* CVE-2012-1798
* CVE-2012-1610
Affected Software/OS: 'ImageMagick' package(s) on SUSE Linux Enterprise Desktop 11 SP1, SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Server 11 SP2, SUSE Linux Enterprise Software Development Kit 11 SP1, SUSE Linux Enterprise Software Development Kit 11 SP2.
Solution: Please install the updated package(s).
CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P